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1 Timescales and stability: A non-instrusive. wavelet-based approach to detecting 

network performance problems 
^ Polly Huang, Anja Feldmann, Walter Willinger 

November 2001 Proceedings of the 1st ACM SIGCOMM Workshop on Internet 

Measurement 
Publisher: ACM Press 

Additional Information: full citation , abstract , references , citings , index 
terms 



Full text available: t Bpd«3.01 MB) 



The main objective of this paper is to explore how much information about the 
characteristics of end-to-end network paths can be inferred from relying solely on passive 
packet-level traces of existing traffic collected from a single tap point in the network. To 
this end, we show that a number of structural properties of aggregate TCP/IP packet 
traces reveal themselves and can be compared across different time periods and across 
paths of the traffic destined to different subnets by exploiting the ... 



Keywords: energy function, network performance, passive measurements, scale- 
localization, wavelets 



2 A fast string-matching algorithm for network processor-based intrusion detection 
^ system 

Rong-Tai Liu, Nen-Fu Huang, Chih-Hao Chen, Chia-Nan Kao 

August 2004 ACM Transactions on Embedded Computing Systems (TECS), Volume 3 issue 

3 

Publisher: ACM Press 

Full text available: *g) pdf(571.00 KB) Additional Information: full citation , abstract , references , index terms 

Network intrusion detection systems (NIDSs) are one of the latest developments in 
security. The matching of packet strings against collected signatures dominates signature- 
based NIDS performance. Network processors are also one of the fastest growing 
segments of the semiconductor market, because they are designed to provide scalable 
and flexible solutions that can accommodate change quickly and economically. This work 
presents a fast string-matching algorithm (called FNP) over the network proces ... 

Keywords: Intrusion detection, network, pattern matching, processor 
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3 Special feature: Report on a working session on security in wireless ad hoc networks Q 
Levente Buttyan, Jean-Pierre Hubaux 

January 2003 ACM SIGMOBILE Mobile Computing and Communications Review, Volume 

7 Issue 1 
Publisher: ACM Press 

Full text available: ^| pdf(2.50 MB) Additional Information: full citation , references , citings 




An on-demand secure routing protocol resilient to byzantine failures 

Baruch Awerbuch, David Holmer, Cristina Nita-Rotaru, Herbert Rubens 

September 2002 Proceedings of the 3rd ACM workshop on Wireless security WiSE '02 

Publisher: ACM Press 

Full text available* -Q pdf(233 97 KB) Additiona ' Information: full citation , abstract , references , citings , index 

terms 

An ad hoc wireless network is an autonomous self-organizing system ofmobile nodes 
connected by wireless links where nodes not in directrange can communicate via 
intermediate nodes. A common technique usedin routing protocols for ad hoc wireless 
networks is to establish therouting paths on-demand, as opposed to continually 
maintaining acomplete routing table. A significant concern in routing is theability to 
function in the presence of byzantine failures whichinclude nodes that drop, modify, or 
m ... 

Keywords: ad hoc wireless networks, byzantine failures, on-demand routing, security 



Protocol scrubbing: network security through transparent flow modification 
David Watson, Matthew Smart, G. Robert Malan, Farnam Jahanian 
April 2004 IEEE/ACM Transactions on Networking (TON), Volume 12 issue 2 
Publisher: IEEE Press 

Full text available: ^|pdf(316.54 KB) Additional Information: full citation , abstract , references , index terms 

This paper describes the design and implementation of protocol scrubbers. Protocol 
scrubbers are transparent, interposed mechanisms for explicitly removing network scans 
and attacks at various protocol layers. The transport scrubber supports downstream 
passive network-based intrusion detection systems by converting ambiguous network 
flows into well-behaved flows that are unequivocally interpreted by all downstream 
endpoints. The fingerprint scrubber restricts an attacker's ability to determine t ... 

Keywords: intrusion detection, network security, protocol scrubber, stack fingerprinting 



6 Bandwidth and traffic estimation techniques: Single-hop probing asymptotics in 




available bandwidth estimation: sample-path analysis 

Xiliang Liu, Kaliappa Ravindran, Benyuan Liu, Dmitri Loguinov 

October 2004 Proceedings of the 4th ACM SIGCOMM conference on Internet 

measurement 
Publisher: ACM Press 

Full text available: ^| pdf(420.64 KB) Additional Information: full citation , abstract , references , index terms 

In this paper, we take the sample-path approach in analyzing the asymptotic behavior of 
single-hop bandwidth estimation under bursty cross-traffic and show that these results 
are provably different from those observed under fluid models of prior work. This 
difference, which we call the probing bias, is one of the previously unknown factors that 
can cause measurement inaccuracies in available bandwidth estimation. We present an 
analytical formulation of "packet probing," based on which we deri ... 
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Keywords: bandwidth measurement, packet train probing 



7 Fast detection of communication patterns in distributed executions 
Thomas Kunz, Michiel F. H. Seuren 

November 1997 Proceedings of the 1997 conference of the Centre for Adva need 
Studies on Collaborative research 

Publisher: IBM Press 

Full text available: gpdf(4.21 MB) Additional Information: full citation , abstract , references , index terms 

Understanding distributed applications is a tedious and difficult task. Visualizations based 
on process-time diagrams are often used to obtain a better understanding of the 
execution of the application. The visualization tool we use is Poet, an event tracer 
developed at the University of Waterloo. However, these diagrams are often very complex 
and do not provide the user with the desired overview of the application. In our 
experience, such tools display repeated occurrences of non-trivial commun ... 

8 End-to-end internet packet dynamics 
Vern Paxson 

June 1999 IEEE/ACM Transactions on Networking (TON), volume 7 issue 3 
Publisher: IEEE Press 

Full text available: ^ pdf(1 94.20 KB) Additional Information: full citation , references , citings , index terms 



Keywords: computer network performance, computer network reliability, computer 
networks, failure analysis, internet-working, stability 



9 Integrating heterogeneous wireless technologies: a cellular aided mobile Ad Hoc 
network (CAMA) 

Bharat Bhargava, Xiaoxin Wu, Yi Lu, Weichao Wang 

August 2004 Mobile Networks and Applications, Volume 9 issue 4 

Publisher: Kluwer Academic Publishers 

Full text available: gpdf(365.14 KB) Additional Information: full citation , abstract , references , index terms 

A mobile ad hoc network is a collection of wireless terminals that can be deployed rapidly. 
Its deficiencies include limited wireless bandwidth efficiency, low throughput, large delays, 
and weak security. Integrating it with a well-established cellular network can improve 
communication and security in ad hoc networks, as well as enrich the cellular services. 
This research proposes a cellular-aided mobile ad hoc network (CAMA) architecture, in 
which a CAMA agent in the cellular network manages th ... 

Keywords: ad hoc networks, cellular networks, heterogeneous networks, quality of 
service, security 



10 End-to-end available bandwidth: measurement methodology, dynamics, and relation jj| 

^ with TCP throughput 

^ Manish Jain, Constantinos Dovrolis 

August 2002 ACM SIGCOMM Computer Comm unication Review , Proceedings of the 
2002 conference on Applications, technologies, architectures, and 
protocols for computer communications SIGCOMM '02, volume 32 issue 4 
Publisher: ACM Press 

Additional Information: full citation , abstract , references , citings , index 
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Full text available: ^ pdff400.95 KB) terms 

The available bandwidth (avail-bw) in a network path is of major importance in congestion 
control, streaming applications, QoS verification, server selection, and overlay networks. 
We describe an end-to-end methodology, called Self-Loading Periodic Streams (SLoPS), 
for measuring avail-bw. The basic idea in SLoPS is that the one-way delays of a periodic 
packet stream show an increasing trend when the stream's rate is higher than the avail- 
bw. We implemented SLoPS in a tool called pathload. The ac ... 

Keywords: active probing, bottleneck bandwidth, bulk transfer capacity, network 
capacity, packet pair dispersion 



11 Session 3: The limits of global scanning worm detectors in the presence of 
^ background noise 

^ David W. Richardson, Steven D. Gribble, Edward D. Lazowska 

November 2005 Proceedings of the 2005 ACM workshop on Rapid malcode WORM '05 
Publisher: ACM Press 

Full text available: ^ |pdf(430.11 KB) Additional Information: full citation , abstract , references , index terms 

Internet worms cause billions of dollars in damage each year. To combat them, 
researchers have been exploring global worm detection systems to spot a new random 
scanning worm outbreak quickly. These systems passively listen for worm probes on 
unused IP addresses, looking for anomalous increases in probe traffic to distinguish the 
emergence of a new worm from background Internet noise. In this paper, we use analytic 
modeling, simulation, and measurement to understand how background noise impacts 
t ... 

Keywords: computer security, computer worms, scanning worms, worm detection, worm 
models 



12 Information warfare: Learning attack strategies from intrusion alerts 
Peng Ning, Dingbang Xu 

October 2003 Proceedings of the 10th ACM conference on Computer and 
communications security 

Publisher: ACM Press 

Full text available* 155 pdf(248 1 7 KB) Additional Information: full citation , abstract , references , citings , index 

: terms 

Understanding strategies of attacks is crucial for security applications such as computer 
and network forensics, intrusion response, and prevention of future attacks. This paper 
presents techniques to automatically learn attack strategies from correlated intrusion 
alerts. Central to these techniques is a model that represents an attack strategy as a 
graph of attacks with constraints on the attack attributes and the temporal order among 
these attacks. To learn the intrusion strategy is then to ex ... 

Keywords: alert correlation, intrusion detection, profiling attack strategies 



13 Congestion: An empirical evaluation of wide-area internet bottlenecks 
Aditya Akella, Srinivasan Seshan, Anees Shaikh 

October 2003 Proceedings of the 3rd ACM SIGCOMM conference on Internet 
measurement 

Publisher: ACM Press 

Full text available: « g) pdf(428.31 KB) Additional Information: ful^cKation , abstract, references , citings, index 
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Conventional wisdom has been that the performance limitations in the current Internet lie . 
at the edges of the network — Le last mile connectivity to users, or access links of stub 
ASes. As these links are upgraded, however, it is important to consider where new 
bottlenecks and hot-spots are likely to arise. In this paper, we address this question 
through an investigation of non-access bottlenecks. These are links within carrier ISPs or 
between neighboring carriers that could p ... 

14 Monitoring and measurements: Optimal positioning of active and passive monitoring ^ 
<g> devices 

^ Claude Chaudet, Eric Fleury, Isabelle Guerin Lassous, Herve Rivano, Marie-Emilie Voge 
October 2005 Proceedings of the 2005 ACM conference on Emerging network 

experiment and technology CoNEXT'05 
Publisher: ACM Press 

Full text available: ^| pdf(783.63 KB) Additional Information: full citation , abstract , references , index terms 

Network measurement is essential for assessing performance issues, identifying and 
locating problems. Two common strategies are the passive approach that attaches specific 
devices to links in order to monitor the traffic that passes through the network and the 
active approach that generates explicit control packets in the network for measurements. 
One of the key issues in this domain is to minimize the overhead in terms of hardware, 
software, maintenance cost and additional traffic. In this paper ... 



Keywords: active monitoring, optimization, passive monitoring 



15 Wireless troubleshooting: MOJO: a distributed physical layer anomaly detection 
^ system for 802.1 1 WLANs 

^ Anmol Sheth, Christian Doerr, Dirk Grunwald, Richard Han, Douglas Sicker 

June 2006 Proceedings of the 4th international conference on Mobile systems, 

applications and services MobiSys 2006 
Publisher: ACM Press 

Full text available: ^ pdf(444.15 KB) Additional Information: full citation , abstract , references , index terms 

Deployments of wireless LANs consisting of hundreds of 802.11 access points with a large 
number of users have been reported in enterprises as well as college campuses. However, 
due to the unreliable nature of wireless links, users frequently encounter degraded 
performance and lack of coverage. This problem is even worse in unplanned networks, 
such as the numerous access points deployed by homeowners. Existing approaches that 
aim to diagnose these problems are inefficient because they troubleshoo ... 

Keywords: anomaly detection, self-healing, wireless networks 




16 End-to-end available bandwidth: measurement methodology, dynamics, and relation 
with TCP throughput 
Manish Jain, Constantinos Dovrolis 

August 2003 IEEE/ACM Transactions on Networking (TON), volume n issue 4 
Publisher: IEEE Press 

Full text available: ffl odf(934.74 KB) Additional Information: full citation , abstract, references , citings, index 
^ terms 

The available bandwidth (avail-bw) in a network path is of major importance in congestion 
control, streaming applications, quality-of-service verification, server selection, and 
overlay networks. We describe an end-to-end methodology, called self-loading periodic 
streams (SLoPS), for measuring avail-bw. The basic idea in SLoPS is that the one-way 
delays of a periodic packet stream show an increasing trend when the stream's rate is 
higher than the avail-bw. We implemented SLoPS in a tool called < ... 



http://portal.acm.org/results.cfm?coll=ACM&dl=ACM&CFID=27078 1 2&CFTOKEN=2... 1 0/20/2006 



. Results (page 1): +intrusion +detection +probe +packet +"network performance" Page 6 of 7 



Keywords: active probing, bottleneck bandwidth, bulk transfer capacity, network 
capacity, packet pair dispersion 



17 Probing the black box: Performance debugging for distributed systems of black boxes | 
^ Marcos K. Aguilera, Jeffrey C. Mogul, Janet L. Wiener, Patrick Reynolds, Athicha 
^ Muthitacharoen 

October 2003 Proceedings of the nineteenth ACM symposium on Operating systems 
principles 

Publisher: ACM Press 

Full text available- ■P I pdf(408 85 KB) AdditionaI Information: full citation, abstract , references , citings, index 
^ ! terms 

Many interesting large-scale systems are distributed systems of multiple communicating 
components. Such systems can be very hard to debug, especially when they exhibit poor 
performance. The problem becomes much harder when systems are composed of "black- 
box" components: software from many different (perhaps competing) vendors, usually 
without source code available. Typical solutions-provider employees are not always skilled 
or experienced enough to debug these systems efficiently. Our goal is to ... 

Keywords: black box systems, distributed systems, performance analysis, performance 
debugging 



18 Communication over wireless LANs: DOMINO: a system to detect greedy behavior in 

<g> IEEE 802.11 hotspots 

^ Maxim Raya, Jean-Pierre Hubaux, Imad Aad 

June 2004 Proceedings of the 2nd international conference on Mobile systems, 
applications, and services MobiSys '04 

Publisher: ACM Press 

Full text available* fi3 pdf(301 61 KB) Ac ^'ti ona ' Information: full citation , abstract , references , citings , index 
' k^" 4 : terms 

The proliferation of hotspots based on IEEE 802.11 wireless LANs brings the promise of 
seamless Internet access from a large number of public locations. However, as the 
number of users soars, so does the risk of possible misbehavior; to protect themselves, 
wireless ISPs already make use of a number of security mechanisms, and require mobile 
stations to authenticate themselves at the Access Points (APs). However, IEEE 802.11 
works properly only if the stations also respect the MAC protocol. We sh ... 

Keywords: IEEE 802.11, MAC, WISP, hotspot, misbehavior, wireless LAN 



19 Monitoring and measurements: Practical delay monitoring for ISPs 
Baek-Young Choi, Sue Moon, Rene Cruz, Zhi-Li Zhang, Christophe Diot 
October 2005 Proceedings of the 2005 ACM conference on Emerging network 

experiment and technology CoNEXT'05 
Publisher: ACM Press 

Full text available: ^| pdf(2.25 MB) Additional Information: full citation , abstract , references , index terms 

Point-to-point delay is an important network performance measure as well as a key 
parameter in SLAs. We study how to measure and report delay in a concise and 
meaningful way for an ISP, and how to monitor it efficiently. We analyze various 
measurement intervals and potential metric definitions. We find that reporting high 
quantiles (between 0.95 and 0.99)every 10-30 minutes as the most effective way to 
summarize the delay in an ISP. We then propose an active probing scheme to estimate a 
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high qua ... 
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A large number of tools that attempt to estimate network capacity and available 
bandwidth use algorithms that are based on measuring packet inter-arrival time. However 
in recent years network bandwidth has become faster than system input/output (I/O) 
bandwidth. This means that it is getting harder and harder to estimate capacity and 
available bandwidth using these techniques. This paper examines the current bandwidth 
measurement and estimation algorithms, and presents an analysis of how these al ... 

Keywords: algorithm, bandwidth, design, estimation, measure, network, performance, 
system capability 



Results 1 - 20 of 54 Result page: 12 3 next 

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2006 ACM, Inc. 
Terms of Usage Privacy Policy Code of Ethics Contact Us 



Useful downloads: 113 Adobe Acrobat Q QuickTime H I Windows Media Player ™E> Real Player 



http://portal.acm.org/results.c^ 10/20/2006 



